Type/Severity

Topic

Red Hat Product Security has rated this update as having Critical securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

The CVE-2014-6512 issue was discovered by Florian Weimer of Red HatProduct Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol toaddress the CVE-2014-3566 issue (also known as POODLE). Refer to the IBMarticle linked to in the References section for additional details aboutthis change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.1-ibm are advised to upgrade to these updatedpackages, containing the IBM Java SE 7R1 SR2 release. All running instancesof IBM Java must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.

This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/articles/11258